MIX_C = [[0x2, 0x3, 0x1, 0x1], [0x1, 0x2, 0x3, 0x1], [0x1, 0x1, 0x2, 0x3], [0x3, 0x1, 0x1, 0x2]]
I_MIXC = [[0xe, 0xb, 0xd, 0x9], [0x9, 0xe, 0xb, 0xd], [0xd, 0x9, 0xe, 0xb], [0xb, 0xd, 0x9, 0xe]]
RCon = [0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000,
        0x36000000]

S_BOX = [[0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76],
         [0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0],
         [0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15],
         [0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75],
         [0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84],
         [0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF],
         [0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8],
         [0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2],
         [0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73],
         [0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB],
         [0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79],
         [0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08],
         [0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A],
         [0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E],
         [0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF],
         [0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]]

I_SBOX = [[0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB],
          [0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB],
          [0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E],
          [0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25],
          [0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92],
          [0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84],
          [0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06],
          [0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B],
          [0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73],
          [0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E],
          [0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B],
          [0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4],
          [0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F],
          [0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF],
          [0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61],
          [0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D]]

'''
def SubBytes(State):
    # 字节替换
    return [S_BOX[i][j] for i, j in
            [(_ >> 4, _ & 0xF) for _ in State]]


def SubBytes_Inv(State):
    # 字节逆替换
    return [I_SBOX[i][j] for i, j in
            [(_ >> 4, _ & 0xF) for _ in State]]
'''

def SubBytes(State, S_BOX, is_sbox_2d=True):
    """
    通用的字节替换函数（兼容一维/二维S盒）

    :param State: 输入状态（字节列表，如16字节）
    :param S_BOX: S盒（一维或二维列表）
    :param is_sbox_2d: 显式指定S盒维度（可选，默认True=二维）
    :return: 替换后的字节列表
    """
    result = []
    for byte in State:
        if not (0 <= byte <= 0xFF):
            raise ValueError(f"无效字节值: {byte} (必须为0x00-0xFF)")

        # 自动检测S盒维度（若未显式指定is_sbox_2d）
        if is_sbox_2d is None:
            is_sbox_2d = isinstance(S_BOX[0], (list, tuple))  # 检查第一行是否为多维

        # 根据S盒维度选择索引方式
        if is_sbox_2d:
            row = (byte >> 4) & 0xF  # 高4位作为行
            col = byte & 0xF  # 低4位作为列
            if row >= len(S_BOX) or col >= len(S_BOX[0]):
                raise IndexError(f"S盒索引越界: row={row}, col={col}")
            result.append(S_BOX[row][col])
        else:
            if byte >= len(S_BOX):
                raise IndexError(f"S盒索引越界: byte={byte}")
            result.append(S_BOX[byte])
    return result

'''
def ShiftRows(S):
    # 行移位
    return [S[0], S[5], S[10], S[15],
            S[4], S[9], S[14], S[3],
            S[8], S[13], S[2], S[7],
            S[12], S[1], S[6], S[11]]

def ShiftRows_Inv(S):
    # 逆行移位
    return [S[0], S[13], S[10], S[7],
            S[4], S[1], S[14], S[11],
            S[8], S[5], S[2], S[15],
            S[12], S[9], S[6], S[3]]
'''

def ShiftRows(state, rows=4, cols=4, shift_offsets=None, direction="left", order="row_major"):
    """
    通用行移位函数（支持不同矩阵尺寸、移位方向和自定义偏移）

    :param state: 输入状态（一维列表，长度应为 rows*cols）
    :param rows: 矩阵行数（默认4，如AES）
    :param cols: 矩阵列数（默认4，如AES）
    :param shift_offsets: 每行移位量列表（长度=rows，默认None时自动生成AES偏移）
    :param direction: 移位方向 ("left" 或 "right"，默认左移）
    :param order: 矩阵存储顺序 ("row_major"行优先 或 "col_major"列优先，默认行优先）
    :return: 移位后的状态列表
    """
    # ------------------------------
    # 参数校验
    # ------------------------------
    if len(state) != rows * cols:
        raise ValueError(f"状态长度 {len(state)} 与矩阵尺寸 {rows}x{cols} 不匹配")

    if shift_offsets is None:
        shift_offsets = [0, 1, 2, 3][:rows]  # AES默认偏移
    elif len(shift_offsets) != rows:
        raise ValueError(f"移位偏移列表长度需等于行数 {rows}")

    direction = direction.lower()
    if direction not in ("left", "right"):
        raise ValueError("方向必须是 'left' 或 'right'")

    order = order.lower()
    if order not in ("row_major", "col_major"):
        raise ValueError("顺序必须是 'row_major' 或 'col_major'")

    # ------------------------------
    # 将一维状态转换为二维矩阵
    # ------------------------------
    matrix = []
    if order == "row_major":
        for i in range(rows):
            matrix.append(state[i * cols: (i + 1) * cols])
    else:  # col_major
        for i in range(cols):
            matrix.append([state[j * cols + i] for j in range(rows)])

    # ------------------------------
    # 执行行移位
    # ------------------------------
    shifted_matrix = []
    for row_idx in range(rows):
        row = matrix[row_idx]
        offset = shift_offsets[row_idx] % cols  # 确保偏移在有效范围内

        if direction == "left":
            shifted_row = row[offset:] + row[:offset]
        else:  # right
            shifted_row = row[-offset:] + row[:-offset]

        shifted_matrix.append(shifted_row)

    # ------------------------------
    # 将二维矩阵转回一维状态
    # ------------------------------
    if order == "row_major":
        return [elem for row in shifted_matrix for elem in row]
    else:  # col_major
        return [shifted_matrix[j][i] for i in range(rows) for j in range(cols)]

'''
def MixColumns(State):
    # 列混合
    return Matrix_Mul(MIX_C, State)


def MixColumns_Inv(State):
    # 逆列混合
    return Matrix_Mul(I_MIXC, State)
'''

'''
def mod(poly, mod=0b100011011):
    # poly模多项式mod
    while poly.bit_length() > 8:
        poly ^= mod << poly.bit_length() - 9
    return poly


def mul(poly1, poly2):
    # 多项式相乘
    result = 0
    for index in range(poly2.bit_length()):
        if poly2 & 1 << index:
            result ^= poly1 << index
    return result


def Matrix_Mul(M1, M2):  # M1 = MIX_C  M2 = State
    # 用于列混合的矩阵相乘
    M = [0] * 16
    for row in range(4):
        for col in range(4):
            for Round in range(4):
                M[row + col * 4] ^= mul(M1[row][Round], M2[Round + col * 4])
            M[row + col * 4] = mod(M[row + col * 4])
    return M
'''

def gf_mul(poly1, poly2, mod_poly=0x11B):
    """Galois Field (GF(2^8)) 多项式乘法，支持自定义模多项式"""
    result = 0
    for i in range(poly2.bit_length()):
        if poly2 & (1 << i):
            result ^= poly1 << i
    # 模约简（Barrett约简优化）
    while result >= 0x100:
        shift = result.bit_length() - mod_poly.bit_length()
        if shift >= 0:
            result ^= mod_poly << shift
        else:
            break
    return result

def matrix_mix(state, mix_matrix, rows=4, cols=4, mod_poly=0x11B, transpose_mix=False):
    """
    通用矩阵列混合函数
    :param state: 输入状态（一维列表，长度 rows*cols）
    :param mix_matrix: 混合矩阵（二维列表，尺寸需兼容）
    :param rows: 状态矩阵行数（默认4）
    :param cols: 状态矩阵列数（默认4）
    :param mod_poly: 模多项式（默认AES的0x11B）
    :param transpose_mix: 是否转置混合矩阵（用于逆向列混合）
    :return: 混合后的状态列表
    """
    # --------------------------
    # 输入校验
    # --------------------------
    if len(state) != rows * cols:
        raise ValueError(f"状态长度 {len(state)} != {rows}x{cols}")
    if not (len(mix_matrix) == rows and all(len(row) == rows for row in mix_matrix)):
        raise ValueError(f"混合矩阵必须为 {rows}x{rows} 方阵")

    # 转置混合矩阵（如需）
    mix_mat = [list(row) for row in mix_matrix]
    if transpose_mix:
        mix_mat = list(zip(*mix_mat))

    # --------------------------
    # 矩阵乘法核心
    # --------------------------
    result = [0] * (rows * cols)
    for row in range(rows):          # 对每列操作
        for col in range(cols):      # 结果矩阵的行
            acc = 0
            for k in range(rows):    # 矩阵乘法累加
                state_idx = k + cols * col  # 列优先存储的索引
                acc ^= gf_mul(mix_mat[row][k], state[state_idx], mod_poly)
            result[row + col * cols] = acc
    return result

def generic_rotate_word(word, word_size=32, shift_bytes=1, direction='left'):
    """通用循环移位函数（处理整数输入）"""
    byte_length = word_size // 8
    max_val = (1 << word_size) - 1

    # 转换为字节并循环移位
    bytes_val = word.to_bytes(byte_length, 'big')
    if direction == 'left':
        rotated = bytes_val[shift_bytes:] + bytes_val[:shift_bytes]
    else:
        rotated = bytes_val[-shift_bytes:] + bytes_val[:-shift_bytes]

    # 转换回整数并确保位数正确
    return int.from_bytes(rotated, 'big') & max_val


def generic_substitute_word(word, substitution_table, word_size=32):
    """通用替换函数（处理整数输入）"""
    byte_length = word_size // 8
    result = 0
    for i in range(byte_length):
        byte = (word >> ((byte_length - 1 - i) * 8)) & 0xFF
        # 二维S盒访问
        row = (byte >> 4) & 0x0F
        col = byte & 0x0F
        substituted = substitution_table[row][col]
        result |= substituted << ((byte_length - 1 - i) * 8)
    return result


def generic_key_expansion(initial_key,  # 初始密钥（整数形式）
                          key_size_bytes=16,  # 初始密钥字节长度
                          rounds=10,  # 轮数
                          word_size=32,  # 字长（bits）
                          sub_func=lambda x: x,  # 替换函数
                          rot_func=lambda x: x,  # 循环移位函数
                          rcon=None):  # 轮常数列表
    """通用密钥扩展函数（保持原始输入输出格式）"""
    # 参数预处理
    byte_length = word_size // 8
    key_words = key_size_bytes // byte_length
    total_words = key_words * (rounds + 1)
    rcon = rcon or [0] * rounds

    # 将初始密钥分解为字列表
    words = []
    for i in range(key_words):
        shift = word_size * (key_words - 1 - i)
        words.append((initial_key >> shift) & ((1 << word_size) - 1))

    # 密钥扩展主逻辑
    for i in range(key_words, total_words):
        temp = words[i - 1]

        # 应用核心操作
        if i % key_words == 0:
            temp = rot_func(temp)
            temp = sub_func(temp)
            temp ^= rcon[i // key_words - 1]
        elif word_size == 32 and key_words == 8 and i % key_words == 4:
            temp = sub_func(temp)

        words.append(words[i - key_words] ^ temp)

    # 修正sum函数的使用方式
    return [
        ((words[4 * i] << 96)
         | (words[4 * i + 1] << 64)
         | (words[4 * i + 2] << 32)
         | words[4 * i + 3]).to_bytes(16, 'big')
        for i in range(rounds + 1)
    ]

# AES专用实现
def aes_key_expansion(initial_key):
    return generic_key_expansion(
        initial_key=initial_key,
        key_size_bytes=16,
        rounds=10,
        word_size=32,
        sub_func=lambda x: generic_substitute_word(x, S_BOX, 32),
        rot_func=lambda x: generic_rotate_word(x, 32, 1, 'left'),
        rcon=RCon
    )

'''
def RotWord(_4byte_block):
    # 用于生成轮密钥的字移位
    return ((_4byte_block & 0xffffff) << 8) + (_4byte_block >> 24)


def SubWord(_4byte_block):
    # 用于生成密钥的字节替换
    result = 0
    for position in range(4):
        i = _4byte_block >> position * 8 + 4 & 0xf
        j = _4byte_block >> position * 8 & 0xf
        result ^= S_BOX[i][j] << position * 8
    return result

def round_key_generator(_16bytes_key):
    # 轮密钥产生
    w = [_16bytes_key >> 96,
         _16bytes_key >> 64 & 0xFFFFFFFF,
         _16bytes_key >> 32 & 0xFFFFFFFF,
         _16bytes_key & 0xFFFFFFFF] + [0] * 40
    for i in range(4, 44):
        temp = w[i - 1]
        if not i % 4:
            temp = SubWord(RotWord(temp)) ^ RCon[i // 4 - 1]
        w[i] = w[i - 4] ^ temp
    return [num_2_16bytes(
        sum([w[4 * i] << 96, w[4 * i + 1] << 64,
             w[4 * i + 2] << 32, w[4 * i + 3]])
    ) for i in range(11)]
'''

def AddRoundKey(State, RoundKeys, index):
    # 异或轮密钥
    return _16bytes_xor(State, RoundKeys[index])


def _16bytes_xor(_16bytes_1, _16bytes_2):
    return [_16bytes_1[i] ^ _16bytes_2[i] for i in range(16)]


def _16bytes2num(_16bytes):
    # 16字节转数字
    return int.from_bytes(_16bytes, byteorder='big')


def num_2_16bytes(num):
    # 数字转16字节
    return num.to_bytes(16, byteorder='big')


def hex_str_to_bytes(hex_str):
    # 将十六进制字符串转换为字节
    return bytes.fromhex(hex_str)

def bytes_to_num(byte_data):
    # 将字节数据转换为数字
    return int.from_bytes(byte_data, byteorder='big')

def bytes_to_str(byte_array):
    # 将字节数组转换为十六进制字符串
    return ''.join([f'{byte:02x}' for byte in byte_array])

def num_to_bytes(num):
    # 将数字转换为字节数据
    return num.to_bytes(16, byteorder='big')

def aes_encrypt(plaintext_list, RoundKeys):
    State = plaintext_list
    State = AddRoundKey(State, RoundKeys, 0)
    for Round in range(1, 10):
        State = SubBytes(State, S_BOX)
        State = ShiftRows(State, order="col_major")
        State = matrix_mix(State, MIX_C)#MixColumns(State)
        State = AddRoundKey(State, RoundKeys, Round)
    State = SubBytes(State, S_BOX)
    State = ShiftRows(State, order="col_major")
    State = AddRoundKey(State, RoundKeys, 10)
    return State


def aes_decrypt(ciphertext_list, RoundKeys):
    State = ciphertext_list
    State = AddRoundKey(State, RoundKeys, 10)
    for Round in range(1, 10):
        State = ShiftRows(State, direction="right", order="col_major")
        State = SubBytes(State, I_SBOX)
        State = AddRoundKey(State, RoundKeys, 10 - Round)
        State = matrix_mix(State, I_MIXC)#MixColumns_Inv(State)
    State = ShiftRows(State, direction="right", order="col_major")
    State = SubBytes(State, I_SBOX)
    State = AddRoundKey(State, RoundKeys, 0)
    return State

def aes_encrypt_from_str(plaintext_str, key_str):
    # 将输入的16字节密钥和明文字符串转换为适当格式
    key = bytes_to_num(hex_str_to_bytes(key_str))
    plaintext = bytes_to_num(hex_str_to_bytes(plaintext_str))
    RoundKeys = aes_key_expansion(key)#round_key_generator(key)

    # 加密
    plaintext_bytes = num_to_bytes(plaintext)
    ciphertext = aes_encrypt(plaintext_bytes, RoundKeys)
    return bytes_to_str(ciphertext)


def aes_decrypt_from_str(ciphertext_str, key_str):
    # 将输入的16字节密钥和密文字符串转换为适当格式
    key = bytes_to_num(hex_str_to_bytes(key_str))
    ciphertext = bytes_to_num(hex_str_to_bytes(ciphertext_str))
    RoundKeys = aes_key_expansion(key)#round_key_generator(key)

    # 解密
    ciphertext_bytes = num_to_bytes(ciphertext)
    plaintext = aes_decrypt(ciphertext_bytes, RoundKeys)
    return bytes_to_str(plaintext)


# Example Usage:
if __name__ == '__main__':
    key_str = "2b7e151628aed2a6abf7158809cf4f3c"  # 128-bit key in hex
    plaintext_str = "3243f6a8885a308d313198a2e0370734"  # 128-bit plaintext in hex
    ciphertext_str = "3925841d02dc09fbdc118597196a0b32"  # 128-bit ciphertext in hex

    ciphertext = aes_encrypt_from_str(plaintext_str, key_str)
    print(f"Ciphertext: {ciphertext}")

    plaintext = aes_decrypt_from_str(ciphertext_str, key_str)
    print(f"Decrypted plaintext: {plaintext}")

# Key: 2b7e151628aed2a6abf7158809cf4f3c
# Plaintext: 3243f6a8885a308d313198a2e0370734

'''
class AES:

    MIX_C  = [[0x2, 0x3, 0x1, 0x1], [0x1, 0x2, 0x3, 0x1], [0x1, 0x1, 0x2, 0x3], [0x3, 0x1, 0x1, 0x2]]
    I_MIXC = [[0xe, 0xb, 0xd, 0x9], [0x9, 0xe, 0xb, 0xd], [0xd, 0x9, 0xe, 0xb], [0xb, 0xd, 0x9, 0xe]]
    RCon   = [0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, 0x40000000, 0x80000000, 0x1B000000, 0x36000000]

    S_BOX = [[0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76],
             [0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0],
             [0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15],
             [0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75],
             [0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84],
             [0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF],
             [0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8],
             [0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2],
             [0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73],
             [0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB],
             [0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79],
             [0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08],
             [0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A],
             [0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E],
             [0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF],
             [0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16]]

    I_SBOX = [[0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, 0x81, 0xF3, 0xD7, 0xFB],
              [0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB],
              [0x54, 0x7B, 0x94, 0x32, 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E],
              [0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, 0x6D, 0x8B, 0xD1, 0x25],
              [0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92],
              [0x6C, 0x70, 0x48, 0x50, 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84],
              [0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, 0xB8, 0xB3, 0x45, 0x06],
              [0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B],
              [0x3A, 0x91, 0x11, 0x41, 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73],
              [0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, 0x1C, 0x75, 0xDF, 0x6E],
              [0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B],
              [0xFC, 0x56, 0x3E, 0x4B, 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4],
              [0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xEC, 0x5F],
              [0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF],
              [0xA0, 0xE0, 0x3B, 0x4D, 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61],
              [0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D]]

    def SubBytes(self, State):
        # 字节替换
        return [self.S_BOX[i][j] for i, j in 
               [(_ >> 4, _ & 0xF) for _ in State]]

    def SubBytes_Inv(self, State):
        # 字节逆替换
        return [self.I_SBOX[i][j] for i, j in
               [(_ >> 4, _ & 0xF) for _ in State]]

    def ShiftRows(self, S):
        # 行移位
        return [S[ 0], S[ 5], S[10], S[15], 
                S[ 4], S[ 9], S[14], S[ 3],
                S[ 8], S[13], S[ 2], S[ 7],
                S[12], S[ 1], S[ 6], S[11]]

    def ShiftRows_Inv(self, S):
        # 逆行移位
        return [S[ 0], S[13], S[10], S[ 7],
                S[ 4], S[ 1], S[14], S[11],
                S[ 8], S[ 5], S[ 2], S[15],
                S[12], S[ 9], S[ 6], S[ 3]]

    def MixColumns(self, State):
        # 列混合
        return self.Matrix_Mul(self.MIX_C, State)

    def MixColumns_Inv(self, State):
        # 逆列混合
        return self.Matrix_Mul(self.I_MIXC, State)

    def RotWord(self, _4byte_block):
        # 用于生成轮密钥的字移位
        return ((_4byte_block & 0xffffff) << 8) + (_4byte_block >> 24)

    def SubWord(self, _4byte_block):
        # 用于生成密钥的字节替换
        result = 0
        for position in range(4):
            i = _4byte_block >> position * 8 + 4 & 0xf
            j = _4byte_block >> position * 8 & 0xf
            result ^= self.S_BOX[i][j] << position * 8
        return result

    def mod(self, poly, mod = 0b100011011):  
        # poly模多项式mod
        while poly.bit_length() > 8:
            poly ^= mod << poly.bit_length() - 9
        return poly

    def mul(self, poly1, poly2):
        # 多项式相乘
        result = 0
        for index in range(poly2.bit_length()):
            if poly2 & 1 << index:
                result ^= poly1 << index
        return result

    def Matrix_Mul(self, M1, M2):  # M1 = MIX_C  M2 = State
        # 用于列混合的矩阵相乘
        M = [0] * 16
        for row in range(4):
            for col in range(4):
                for Round in range(4):
                    M[row + col*4] ^= self.mul(M1[row][Round], M2[Round+col*4])
                M[row + col*4] = self.mod(M[row + col*4])
        return M

    def round_key_generator(self, _16bytes_key):
        # 轮密钥产生
        w = [_16bytes_key >> 96, 
             _16bytes_key >> 64 & 0xFFFFFFFF, 
             _16bytes_key >> 32 & 0xFFFFFFFF, 
             _16bytes_key & 0xFFFFFFFF] + [0]*40
        for i in range(4, 44):
            temp = w[i-1]
            if not i % 4:
                temp = self.SubWord(self.RotWord(temp)) ^ self.RCon[i//4-1]
            w[i] = w[i-4] ^ temp
        return [self.num_2_16bytes(
                    sum([w[4 * i] << 96, w[4*i+1] << 64, 
                         w[4*i+2] << 32, w[4*i+3]])
                    ) for i in range(11)]

    def AddRoundKey(self, State, RoundKeys, index):
        # 异或轮密钥
        return self._16bytes_xor(State, RoundKeys[index])

    def _16bytes_xor(self, _16bytes_1, _16bytes_2):
        return [_16bytes_1[i] ^ _16bytes_2[i] for i in range(16)]

    def _16bytes2num(cls, _16bytes):
        # 16字节转数字
        return int.from_bytes(_16bytes, byteorder = 'big')

    def num_2_16bytes(cls, num):
        # 数字转16字节
        return num.to_bytes(16, byteorder = 'big')

    def aes_encrypt(self, plaintext_list, RoundKeys):
        State = plaintext_list
        State = self.AddRoundKey(State, RoundKeys, 0)
        for Round in range(1, 10):
            State = self.SubBytes(State)
            State = self.ShiftRows(State)
            State = self.MixColumns(State)
            State = self.AddRoundKey(State, RoundKeys, Round)
        State = self.SubBytes(State)
        State = self.ShiftRows(State)
        State = self.AddRoundKey(State, RoundKeys, 10)
        return State

    def aes_decrypt(self, ciphertext_list, RoundKeys):
        State = ciphertext_list
        State = self.AddRoundKey(State, RoundKeys, 10)
        for Round in range(1, 10):
            State = self.ShiftRows_Inv(State)
            State = self.SubBytes_Inv(State)
            State = self.AddRoundKey(State, RoundKeys, 10-Round)
            State = self.MixColumns_Inv(State)
        State = self.ShiftRows_Inv(State)
        State = self.SubBytes_Inv(State)
        State = self.AddRoundKey(State, RoundKeys, 0)
        return State

if __name__ == '__main__':

    aes = AES()
    key = 0x2b7e151628aed2a6abf7158809cf4f3c
    RoundKeys = aes.round_key_generator(key)

    # 加密
    plaintext = 0x3243f6a8885a308d313198a2e0370734
    # 0x00112233445566778899aabbccddeeff -> b'\x00\x11"3DUfw\x88\x99\xaa\xbb\xcc\xdd\xee\xff'
    plaintext = aes.num_2_16bytes(plaintext)
    ciphertext = aes.aes_encrypt(plaintext, RoundKeys)
    print('ciphertext = ' + hex(aes._16bytes2num(ciphertext)))

    # 解密
    ciphertext = 0x3925841d02dc09fbdc118597196a0b32#0x69c4e0d86a7b0430d8cdb78070b4c55a
    ciphertext = aes.num_2_16bytes(ciphertext)
    plaintext = aes.aes_decrypt(ciphertext, RoundKeys)
    print('plaintext = ' + hex(aes._16bytes2num(plaintext)))

# Key: 2b7e151628aed2a6abf7158809cf4f3c
# Plaintext: 3243f6a8885a308d313198a2e0370734
'''